Vulnerabilities and attacks

Old OS X malware used in increased attacks against Uyghur groups

Kaspersky Lab and AlienVault have released a new analysis that outlines recent increases in targeted attacks against Uyghur groups in China, where an apparent ongoing politically motivated effort is using old vulnerabilities in Microsoft Word to infect their systems with malware.

The effort is using unpatched versions of Microsoft Word 2004 and 2008 for OS X, where maliciously crafted documents can exploit an old and patched vulnerability to execute code and install backdoor software without the user's consent. The malware in this case installs a common remote-access shell called "TinySHell" that in itself is not intended as … Read more

Microsoft delivers fixes for Windows 8, Windows RT

It's February 12, yet another Patch Tuesday. Among the security fixes aplenty that Microsoft is rolling out today are a few other non-security-specific updates for Windows RT and Windows 8.

As previously announced, the February cumulative update includes fixes designed to improve Surface Wi-Fi reliability and connectivity, a Microsoft spokesperson confirmed.

Microsoft also has provided a fix for the app-store-downloading bug that a number of Surface RT and Windows RT users reported a few weeks back. The problem resulted in Windows RT systems entering "Connected Standby" while the devices were downloading new Windows Updates via Automatic Update. … Read more

Android a growing target for mobile malware -- report

The Android platform is becoming a key mobile target for cybercriminals, who are getting much more efficient with their malware, according to a report from Web-security company Blue Coat Systems.

In a mobile malware report, Blue Coat notes that Android is a popular target. Here's a look at the volume of Android malware:

Blue Coat noted:

The Android-based malware blocked by WebPulse included an Android root exploit and a variety of rogue Android software. Forty percent of Android malware was delivered via malnets, demonstrating how cybercriminals can successfully utilize embedded infrastructures to attack mobile users. In the most recent … Read more

Gmail of journalists in Myanmar said to be hacked

A handful of journalists who cover Myanmar received warnings from Google over the past week. The Web giant told them that their Gmail accounts might have been hacked by "state actors" or "state-sponsored attackers" and that they should change their passwords and tighten their security settings, according to the Wall Street Journal.

Google said that it has systems in place to detect possible state-sponsored malware or hacking but would not give the Wall Street Journal further information on how these systems work.

The Myanmar government has now responded to these allegations and denies any involvement in … Read more

Cyberattacks reanimate CISPA, spark move by Obama -- reports

Recent reports of cyberespionage and hacking against important U.S. targets have triggered cybersecurity rumblings in Washington, with the leaders of the House Intelligence Committee reportedly planning to bring back the controversial CISPA -- Cyber Intelligence Sharing and Protection Act -- and President Obama reportedly readying his own executive order on the issue.

House Intelligence Committee Chairman Mike Rogers (R-Mich.) and ranking member Rep. Dutch Ruppersberger (D-Md.) say they plan to re-introduce CISPA -- unaltered -- next week during a speech at the Center for Strategic and International Studies in Washington, according to Beltway tech blog The Hill.

"American … Read more

Adobe issues emergency update for Flash

Adobe issued an emergency update to its Flash Player to fix two zero-day threats, the company announced yesterday. The updates affect all versions of Flash on Windows, Mac, Linux, and Android.

The vulnerabilities currently are being exploited "in the wild," says Adobe's blog on the patches. According to the Kaspersky ThreatPost blog on the pair of zero-days, one attack targets "aerospace and other manufacturing companies" by tricking people into opening a Microsoft Word document with malicious Flash content embedded in it. The second zero-day targets Firefox and Safari on Mac OS X by tricking you … Read more

Microsoft's next Patch Tuesday to fix 57 security bugs

Microsoft is deploying a larger bunch of bug fixes this month than usual.

Next week's Patch Tuesday will address 57 different security vulnerabilities through 12 separate updates.

The bugs stretch across a range of programs, including Windows, Internet Explorer, Windows Server, Microsoft Exchange, and Microsoft's .Net Framework.

Five of the 12 patches are rated critical, so they're designed to patch holes that could allow someone to execute malicious code on an unprotected PC. Two of the critical patches are aimed at all versions of Internet Explorer from 6 through 10. That means all current versions of Windows … Read more

Flash update fixes active exploits for both OS X and Windows

Java is not the only runtime that malware developers use to target victims of their attacks, and yesterday Adobe released an update to Flash that fixes two zero-day exploits in its popular Web plug-in software.

The two vulnerabilities in question affect both OS X and Windows systems. The first allows malicious Flash content on Web sites to deliver malware to Macintosh systems via Firefox and Safari. The second vulnerability targets Windows users by tricking them into opening an e-mail attachment that contains the Flash-based exploit.

These problems are considered critical, so if you have Flash enabled on your system (which most … Read more

Microsoft, Symantec shutter another botnet

Microsoft and security software maker Symantec have revealed that they collaborated on the take-down of a botnet that had infected hundreds of thousands of computers.

Once the botnet was stopped, infected computers were reportedly unable to search the Internet. According to the story as first reported by Reuters, this is the first time that the companies that stopped a botnet directly warned people who had infected computers and offered them clean-up tools.

The botnet, called Bamital, is the sixth one that Microsoft has received a court order to stop since 2010 and the second that it has worked with Symantec … Read more

'Chinese still hacking us,' says Wall Street Journal owner

Several U.S. media outlets experienced a massive wave of cyberattacks allegedly coming from the Chinese military over the last few months. While some newspapers have claimed that their networks are now safe, the Wall Street Journal may still be a victim of the online onslaught.

The newspaper's owner Rupert Murdoch tweeted today, "Chinese still hacking us, or were over weekend."

— Rupert Murdoch (@rupertmurdoch) February 6, 2013

The Wall Street Journal confirmed last week that it had been the target of cyberattacks in recent months because of its coverage … Read more